Pages:
Author

Topic: zip - page 5. (Read 11503 times)

sr. member
Activity: 910
Merit: 302
May 28, 2014, 08:14:46 AM
Ok the situation is resolved, it should run smooth as a panda now.

WhatsBitcoin, I just credited your account with 0.005 again so you can see Smiley
sr. member
Activity: 910
Merit: 302
May 28, 2014, 06:33:25 AM
You got them?
Yes. My intentions were to play but I could not. Everytime I pressed spin about 75% it didn't spin. The other 25% it spun and just showed blanks for all 3 reels. After 5-10 seconds random symbols would appear in a couple of the reels. From my system, it was a very buggy and bad experience so I withdrew my balance. I was not trying to be a freeroller and simply withdraw but a couple of spins debited my acount and never even spun.

I can confirm that! Seems yesterday night we have hit the maximum of the current server and that caused the animation to be offsync because of late response from the server.
Thanks to your notice we were able to find it as it was happening and are in process of upgrading the server today.

As soon as we finish you win another 0.005 for letting us know and also to be able to test it properly Smiley


I want to thank you all for the support, this is our 3rd server upgrade in about 3 months or so since we started. And we love growing pains because that means you actually grow, lol Smiley
full member
Activity: 182
Merit: 100
May 28, 2014, 03:56:24 AM
Was your deposit successful?If so,it may have happened that you haven't won but don't get discouraged as it happens sometimes.There have been some quite big wins on the site so it all depends.
sr. member
Activity: 448
Merit: 250
May 28, 2014, 03:53:49 AM
the game is very detrimental
I tried to deposit 0.0008
8x spin not even win  Undecided
newbie
Activity: 29
Merit: 0
May 27, 2014, 06:06:13 PM
I have added bitbandit to the Bitcoin Games Directory now!
hero member
Activity: 560
Merit: 502
May 27, 2014, 01:09:36 PM
You got them?
Yes. My intentions were to play but I could not. Everytime I pressed spin about 75% it didn't spin. The other 25% it spun and just showed blanks for all 3 reels. After 5-10 seconds random symbols would appear in a couple of the reels. From my system, it was a very buggy and bad experience so I withdrew my balance. I was not trying to be a freeroller and simply withdraw but a couple of spins debited my acount and never even spun.
sr. member
Activity: 910
Merit: 302
May 27, 2014, 11:50:44 AM
You got them?
sr. member
Activity: 910
Merit: 302
May 27, 2014, 07:01:55 AM
***EASTERN EGG***
If you read this and it's the last post, you just won 0.005 BTC credit!
Post your username right away to get it.

Username Whatsbitcoin  Smiley

What is the max bet per spin by the way?

Refresh and you will see the money Smiley

The max bet atm is 0.001, min is 0.0001
hero member
Activity: 560
Merit: 502
May 27, 2014, 02:38:50 AM
***EASTERN EGG***
If you read this and it's the last post, you just won 0.005 BTC credit!
Post your username right away to get it.

Username Whatsbitcoin  Smiley

What is the max bet per spin by the way?
sr. member
Activity: 910
Merit: 302
May 27, 2014, 01:30:03 AM
***EASTERN EGG***
If you read this and it's the last post, you just won 0.005 BTC credit!
Post your username right away to get it.
sr. member
Activity: 910
Merit: 302
May 26, 2014, 12:14:18 PM
Hey W-M, do you agree?
Yes, I sure do. Thanks a lot for your detailed response Wink.

Although I would personally still advise against using SHA-1, as the $2.27 million attack is the one we know of, but there might be some attacks out there that we don't. A more efficient hashing algorithm does indeed result in the ability to serve more users at the same time. I would still decide to use a stronger, less efficient function over a weaker one, but that comes down to personal preference.

As for the first point:
This is a very smart solution for this problem, and also the one that I would use myself as well. It would make a great addition to your FAQ.

Again, thanks. You've handled my post very diligently.

~W-M


Yes indeed, you never know how many years after an attack is found we will know about it, but in this very specific case, where there is no real advantage to the attacker we went with this one. Wouldn't use it for something like passwords though.

Yes, it's good idea to add that to the FAQ, will do Smiley

Thanks!
W-M
full member
Activity: 210
Merit: 100
In Crypto we Trust.
May 26, 2014, 11:02:46 AM
Hey W-M, do you agree?
Yes, I sure do. Thanks a lot for your detailed response Wink.

Although I would personally still advise against using SHA-1, as the $2.27 million attack is the one we know of, but there might be some attacks out there that we don't. A more efficient hashing algorithm does indeed result in the ability to serve more users at the same time. I would still decide to use a stronger, less efficient function over a weaker one, but that comes down to personal preference.

As for the first point:
This is a very smart solution for this problem, and also the one that I would use myself as well. It would make a great addition to your FAQ.

Again, thanks. You've handled my post very diligently.

~W-M
newbie
Activity: 19
Merit: 0
May 26, 2014, 10:08:17 AM
I also think that this clarifies a lot.
sr. member
Activity: 910
Merit: 302
May 26, 2014, 09:57:03 AM
CrackedLogic, thanks Smiley
legendary
Activity: 1050
Merit: 1000
May 25, 2014, 11:01:32 AM
sr. member
Activity: 910
Merit: 302
May 25, 2014, 05:39:00 AM
Hey W-M, do you agree?
sr. member
Activity: 910
Merit: 302
May 23, 2014, 06:46:52 AM
Both are good questions, luckily for us we have it thought out and those areas in particular have been extensively considered.

1. As you know transactions are instant, confirmations  need 10 mins on average.
So you can play instantly, but can withdraw only after 2 confirmations. That's the best compromise between game play and security.
Why make the user wait to play, when the actual risk is only when withdrawing? Most people play more than 20 mins, so they don't have to wait for the withdraw either.
That way we prevent double spend attacks without actually sacrificing game play at all, neat right?


2.
http://en.wikipedia.org/wiki/SHA-1#Attacks
Quote
As of 2012, the most efficient attack against SHA-1 is considered to be the one by Marc Stevens[32] with an estimated cost of $2.77M to break a single hash value by renting CPU power from cloud servers.[33] Stevens developed this attack in a project called HashClash,[34] implementing a differential path attack. On 8 November 2010, he claimed he had a fully working near-collision attack against full SHA-1 working with an estimated complexity equivalent to 257.5 SHA-1 compressions. He estimates this attack can be extended to a full collision with a complexity around 261.

When building systems that have to be both secure and provide fast game play, one doesn't always just pick the most secure hashing but one that's secure enough for the purpose and efficient as well. You need a balanced decision. We believe that SHA-1 is plenty secure for our minimal and non-important use. Please note that the hashing is just to prevent the user from seeing the seed before the spin, nothing else. Even if he spends $2.7M to uncover it before the spin, he won't have any real gains from that. So the expense of the attack way overthrows the actual benefit.


I hope that this clears out your otherwise valid concerns Smiley
W-M
full member
Activity: 210
Merit: 100
In Crypto we Trust.
May 23, 2014, 04:41:06 AM
Quite an interesting website. The design of the Slot Machine looks nice.

There are however, two problems I currently have with your system:


1. How can people 'send you bitcoins and start playing' within 10 seconds?

This has me slightly concerned, as it usually takes longer, for one to two minutes, until a transaction is confirmed by most of the network. I think that 'within 10 seconds' is an overstatement.

And the more important issue is that you seem to not care at all about confirmations. If you let people play with money from a transaction that is not confirmed yet, you are very susceptible to double-spend attacks. How do you protect yourself from that?


2. You are using SHA-1 as Cryptographic Hash Function.
SHA-1 has been broken since 2005. A nice article with some details can be found here.
 Attacks always get better, they never get worse.
SHA-1 should not be used by anyone who takes themselves seriously. Especially if they are dealing with money.

So, what are you going to do about this?

I'm not trying to be mean, I know how much work goes into developing an intricate web system like this. But you really need to fix these issues if you want people to trust you with their money ;-).

Have a nice day,

~W-M
sr. member
Activity: 910
Merit: 302
May 23, 2014, 02:29:18 AM
What's annoying about strategies is that you win when you aren't playing for BTC and when you try you lose all of it  Grin

There it isn't good strategy Smiley
legendary
Activity: 1904
Merit: 1005
PGP ID: 78B7B84D
May 22, 2014, 03:07:59 PM
What's annoying about strategies is that you win when you aren't playing for BTC and when you try you lose all of it  Grin
Pages:
Jump to: